SB2011090606 - Input validation error in Samba

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2011-2724)

The vulnerability allows local users to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (mtab corruption) via a crafted string.

Remediation

Install update from vendor's website.

References

• http://comments.gmane.org/gmane.linux.kernel.cifs/3827
• http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91
• http://openwall.com/lists/oss-security/2011/07/29/9
• http://secunia.com/advisories/45798
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:148
• http://www.redhat.com/support/errata/RHSA-2011-1220.html
• http://www.redhat.com/support/errata/RHSA-2011-1221.html
• http://www.securitytracker.com/id?1025984
• https://bugzilla.redhat.com/show_bug.cgi?id=726691